Learn how to build a Zigbee Protocol Analyzer using a CC2531 dongle with Texas Instruments firmware. On this tutorial I will guide through the all process
Hardware Used
| Hardware | Price | Store |
| USB cc2531 Dongle | 5 | Vendor |
| CC Debugger | 15 | Vendor |
cc2531 usb sniffer Features
The CC2531 USB dongle is a fully functional USB device that connects a PC to IEEE802.15.4 / ZigBee applications.
It has CC2531ZNP-Prod firmware and may be used as a Zigbee packet sniffer when inserted straight into a PC, Raspberry, etc.
- Flashed with CC2531ZNP-Prod firmware for zigbee2mqtt application
- Lead out 8 IO connectors
- Debug interface
- Size: 5.6*1.6*0.7cm
- Two buttons and two LEDs for user interaction
CC Debugger
The CC Debugger is a small programmer and debugger for the TI Low Power RF System-on-Chips.
It can be used together with IAR Embedded Workbench for 8051 (version 7.51A or later) for debugging and SmartRF Flash Programmer for flash programming.
![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/debugger-programmer-simplelink-solutions.jpg "[Top] Zigbee Protocol Analyzer: What you need to know 17")
The CC Debugger can also be used for controlling selected devices from SmartRF Studio.
Software Used
| Software | Version | Download |
| Debian Buster armv7l | 5.10.103-v7 | |
| CC-Tool | ||
| Wireshark | ||
| WHsniff | 1.3 | WHsniff Git |
| Texas Sniffer | Sniffer Firmware |
Install all dependencies
In order to all software work we need to install some dependencies, execute:
sudo apt-get install -y libusb-1.0-0-dev wireshark libboost-all-dev p7zip-fullInstall CC-Tool
rfs@offensive-wireless:~/ZigBee_Sniffer $ git clone https://github.com/dashesy/cc-tool.git
rfs@offensive-wireless:~/ZigBee_Sniffer $ cd cc-tool![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-35.png "[Top] Zigbee Protocol Analyzer: What you need to know 18")
rfs@offensive-wireless:~/ZigBee_Sniffer/cc-tool $ ./bootstrap![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-36.png "[Top] Zigbee Protocol Analyzer: What you need to know 19")
rfs@offensive-wireless:~/ZigBee_Sniffer/cc-tool $ ./configure![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-37.png "[Top] Zigbee Protocol Analyzer: What you need to know 20")
rfs@offensive-wireless:~/ZigBee_Sniffer/cc-tool $ make![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-38.png "[Top] Zigbee Protocol Analyzer: What you need to know 21")
Download Sniffer Firmware
![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-44-1024x308.png "[Top] Zigbee Protocol Analyzer: What you need to know 22")
![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-32.png "[Top] Zigbee Protocol Analyzer: What you need to know 23")
rfs@offensive-wireless:~/ZigBee_Sniffer $ unzip swrc045z.zip -d firmware_extracted![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-33.png "[Top] Zigbee Protocol Analyzer: What you need to know 24")
$ 7z e firmware_extracted/Setup_SmartRF_Packet_Sniffer_2.18.0.exe bin/general/firmware/sniffer_fw_cc2531.hex![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-34-1024x421.png "[Top] Zigbee Protocol Analyzer: What you need to know 25")
sudo <path-to>/cc-tool -e -w <path-to>/sniffer_fw_cc2531.hexWrite the Firmware into cc2531
rfs@offensive-wireless:~/ZigBee_Sniffer $ sudo ./cc-tool/cc-tool -e -w sniffer_fw_cc2531.hex![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-43.png "[Top] Zigbee Protocol Analyzer: What you need to know 26")
How to Install whsniff – Zigbee sniffer software
curl -L https://github.com/homewsn/whsniff/archive/v1.3.tar.gz | tar zx
cd whsniff-1.3![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-39.png "[Top] Zigbee Protocol Analyzer: What you need to know 27")
rfs@offensive-wireless:~/ZigBee_Sniffer/whsniff-1.3 $ make
![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-40.png "[Top] Zigbee Protocol Analyzer: What you need to know 28")
rfs@offensive-wireless:~/ZigBee_Sniffer/whsniff-1.3 $ sudo make install![[Top] Zigbee Protocol Analyzer: What you need to know](https://www.offensive-wireless.com/wp-content/uploads/2022/06/image-41.png "[Top] Zigbee Protocol Analyzer: What you need to know 29")
Zigbee Protocol Analyzer
sudo whsniff -c 11 | wireshark -k -i -ssh [email protected] "whsniff -c 18" | wireshark -k -i -Configure our ZigBee Packet Sniffer to decode
Can zigbee sniffer see ieee mac address?
Yes, any ZigBee sniffer can see ieee MAC Address.
